Author: hbelusca Date: Fri Mar 8 22:40:38 2013 New Revision: 58446
URL: http://svn.reactos.org/svn/reactos?rev=58446&view=rev Log: [SERVICES-ADVAPI32] - Check for possible null pointers (invalid address) before dereferencing them. - Correct some DPRINT formatting.
Modified: trunk/reactos/base/system/services/rpcserver.c trunk/reactos/base/system/services/services.c trunk/reactos/dll/win32/advapi32/service/scm.c
Modified: trunk/reactos/base/system/services/rpcserver.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/rpcser...
==============================================================================
--- trunk/reactos/base/system/services/rpcserver.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/rpcserver.c [iso-8859-1] Fri Mar 8 22:40:38 2013
@@ -2764,7 +2764,7 @@
 lpStr += (wcslen(lpStr) + 1);
/* Append the group name */
- if (lpService->lpGroup != NULL)
+ if ((lpService->lpGroup != NULL) && (lpService->lpGroup->lpGroupName != NULL))
 {
 wcscpy(lpStr, lpService->lpGroup->lpGroupName);
 }
@@ -3733,6 +3733,11 @@
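Review bot: The widened test `(lpService->lpGroup != NULL) && (lpService->lpGroup->lpGroupName != NULL)` protects only the `wcscpy`, so it helps only if the code that sized the output buffer earlier in this function applies the same test; that code is outside the hunk. If the size calculation still measures `lpGroupName` whenever `lpGroup` is set, the NULL dereference has merely moved there. I would add a comment above the test such as `/* lpGroupName can be NULL; keep this identical to the test used when the buffer size was computed */`. The hunk also does not show what ends up at `lpStr` when the branch is skipped, which is worth confirming since the caller reads it as a string.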
DPRINT("REnumServicesStatusA() called\n");
+ if (pcbBytesNeeded == NULL || lpServicesReturned == NULL)
+ {
+ return ERROR_INVALID_ADDRESS;
+ }
+
 if ((dwBufSize > 0) && (lpBuffer))
 {
 lpStatusPtrW = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwBufSize);
@@ -4496,6 +4501,11 @@
 {
 DPRINT1("Invalid service manager handle!\n");
 return ERROR_INVALID_HANDLE;
+ }
+
+ if (pcbBytesNeeded == NULL || lpServicesReturned == NULL)
+ {
+ return ERROR_INVALID_ADDRESS;
 }
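Review bot: The new `ERROR_INVALID_ADDRESS` return is silent, whereas the invalid-handle path visible in the hunk at -4496 logs with `DPRINT1` before returning; a matching `DPRINT1("Invalid output pointer!\n");` inside the new block would make a rejected request visible in the debug log. Placement also differs between the variants: in this hunk and the one at -5750 the guard sits right after the entry `DPRINT`, while in the hunks at -4496 and -5893 it sits after the handle check, so a request with both a bad handle and a NULL pointer presumably gets a different error code depending on the entry point. If that ordering is intended, a one-line comment saying so would help. The enclosing functions start and end outside these hunks.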
*pcbBytesNeeded = 0;
@@ -5750,6 +5760,11 @@
DPRINT("REnumServicesStatusExA() called\n");
+ if (pcbBytesNeeded == NULL || lpServicesReturned == NULL)
+ {
+ return ERROR_INVALID_ADDRESS;
+ }
+
 if (pszGroupName)
 {
 pszGroupNameW = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, (strlen(pszGroupName) + 1) * sizeof(WCHAR));
@@ -5893,6 +5908,11 @@
 {
 DPRINT1("Invalid service manager handle!\n");
 return ERROR_INVALID_HANDLE;
+ }
+
+ if (pcbBytesNeeded == NULL || lpServicesReturned == NULL)
+ {
+ return ERROR_INVALID_ADDRESS;
 }
*pcbBytesNeeded = 0;
Modified: trunk/reactos/base/system/services/services.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/servic...
==============================================================================
--- trunk/reactos/base/system/services/services.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/services.c [iso-8859-1] Fri Mar 8 22:40:38 2013
@@ -173,7 +173,7 @@
hPipe = (HANDLE)Context;
- DPRINT("ScmNamedPipeThread(%lu) - Accepting SCM commands through named pipe\n", hPipe);
+ DPRINT("ScmNamedPipeThread(%p) - Accepting SCM commands through named pipe\n", hPipe);
for (;;)
 {
@@ -201,13 +201,13 @@
 }
 }
- DPRINT("ScmNamedPipeThread(%lu) - Disconnecting named pipe connection\n", hPipe);
+ DPRINT("ScmNamedPipeThread(%p) - Disconnecting named pipe connection\n", hPipe);
FlushFileBuffers(hPipe);
 DisconnectNamedPipe(hPipe);
 CloseHandle(hPipe);
- DPRINT("ScmNamedPipeThread(%lu) - Done.\n", hPipe);
+ DPRINT("ScmNamedPipeThread(%p) - Done.\n", hPipe);
return ERROR_SUCCESS;
 }
@@ -237,7 +237,7 @@
 return FALSE;
 }
- DPRINT("CreateNamedPipe() - calling ConnectNamedPipe(%x)\n", hPipe); + DPRINT("CreateNamedPipe() - calling ConnectNamedPipe(%p)\n", hPipe); bConnected = ConnectNamedPipe(hPipe, NULL) ? TRUE : (GetLastError() == ERROR_PIPE_CONNECTED); DPRINT("CreateNamedPipe() - ConnectNamedPipe() returned %d\n", bConnected);
Modified: trunk/reactos/dll/win32/advapi32/service/scm.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/service/...
==============================================================================
--- trunk/reactos/dll/win32/advapi32/service/scm.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/service/scm.c [iso-8859-1] Fri Mar 8 22:40:38 2013
@@ -165,6 +165,8 @@
TRACE("ChangeServiceConfig2A() called\n");
+ if (lpInfo == NULL) return TRUE;
+
 /* Fill relevent field of the Info structure */
 Info.dwInfoLevel = dwInfoLevel;
 switch (dwInfoLevel)
@@ -184,9 +186,6 @@
 return FALSE;
 }
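Review bot: Moving `if (lpInfo == NULL) return TRUE;` above `switch (dwInfoLevel)` means a NULL `lpInfo` now reports success before the info level is examined. The context of the ChangeServiceConfig2W hunk at -241 shows the old check sitting after a path that ends in `SetLastError(ERROR_INVALID_PARAMETER); return FALSE;`, presumably the switch's default case, so an unsupported level combined with a NULL pointer used to fail and now returns TRUE. If the aim is only to keep `lpInfo` out of the switch, validating `dwInfoLevel` first and testing `lpInfo` afterwards would preserve the old error behaviour. Either way the early success deserves a comment, for example `/* Nothing to change: a NULL lpInfo is treated as success */`. The same move is made in ChangeServiceConfig2W (hunks at -223 and -241).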
- if (lpInfo == NULL)
- return TRUE;
-
 RpcTryExcept
 {
 dwError = RChangeServiceConfig2A((SC_RPC_HANDLE)hService,
@@ -223,6 +222,8 @@
 DWORD dwError;
TRACE("ChangeServiceConfig2W() called\n");
+
+ if (lpInfo == NULL) return TRUE;
/* Fill relevent field of the Info structure */
 Info.dwInfoLevel = dwInfoLevel;
@@ -241,9 +242,6 @@
 SetLastError(ERROR_INVALID_PARAMETER);
 return FALSE;
 }
-
- if (lpInfo == NULL)
- return TRUE;
RpcTryExcept
 {
@@ -923,6 +921,12 @@
 if (!hSCManager)
 {
 SetLastError(ERROR_INVALID_HANDLE);
+ return FALSE;
+ }
+
+ if (pcbBytesNeeded == NULL || lpServicesReturned == NULL)
+ {
+ SetLastError(ERROR_INVALID_ADDRESS);
 return FALSE;
 }
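Review bot: The guard added after the `hSCManager` check rejects only NULL for `pcbBytesNeeded` and `lpServicesReturned`, yet it reports `ERROR_INVALID_ADDRESS`, which reads as if the address itself had been validated. A non-NULL bad pointer still reaches whatever later code writes through it, and that code is outside this hunk. A short comment such as `/* Only NULL is rejected here; other bad pointers are not detected */` would keep the next reader from over-trusting the check. The same block recurs verbatim in the hunks at -1027, -1110, -1207 and -1307, so a small static helper would keep the five copies from drifting apart.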
@@ -1027,6 +1031,12 @@
 return FALSE;
 }
+ if (pcbBytesNeeded == NULL || lpServicesReturned == NULL)
+ {
+ SetLastError(ERROR_INVALID_ADDRESS);
+ return FALSE;
+ }
+
 if (lpServices == NULL || cbBufSize < sizeof(ENUM_SERVICE_STATUSA))
 {
 lpStatusPtr = &ServiceStatus;
@@ -1110,6 +1120,12 @@
 if (!hSCManager)
 {
 SetLastError(ERROR_INVALID_HANDLE);
+ return FALSE;
+ }
+
+ if (pcbBytesNeeded == NULL || lpServicesReturned == NULL)
+ {
+ SetLastError(ERROR_INVALID_ADDRESS);
 return FALSE;
 }
@@ -1207,8 +1223,13 @@
 return FALSE;
 }
- if (lpServices == NULL ||
- cbBufSize < sizeof(ENUM_SERVICE_STATUS_PROCESSA))
+ if (pcbBytesNeeded == NULL || lpServicesReturned == NULL)
+ {
+ SetLastError(ERROR_INVALID_ADDRESS);
+ return FALSE;
+ }
+
+ if (lpServices == NULL || cbBufSize < sizeof(ENUM_SERVICE_STATUS_PROCESSA))
 {
 lpStatusPtr = &ServiceStatus;
 dwBufferSize = sizeof(ENUM_SERVICE_STATUS_PROCESSA);
@@ -1307,8 +1328,13 @@
 return FALSE;
 }
- if (lpServices == NULL ||
- cbBufSize < sizeof(ENUM_SERVICE_STATUS_PROCESSW))
+ if (pcbBytesNeeded == NULL || lpServicesReturned == NULL)
+ {
+ SetLastError(ERROR_INVALID_ADDRESS);
+ return FALSE;
+ }
+
+ if (lpServices == NULL || cbBufSize < sizeof(ENUM_SERVICE_STATUS_PROCESSW))
 {
 lpStatusPtr = &ServiceStatus;
 dwBufferSize = sizeof(ENUM_SERVICE_STATUS_PROCESSW);